Imports System.Web.Security
Imports System.Data.SqlClient
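Partial Class _Default
    Inherits System.Web.UI.Page

    ''' <summary>
    ''' Fills the landing page from the database: the navigation list, the
    ''' subtitle and description of the 'index.aspx' page row, and the active
    ''' bulletins. On the first (non-postback) request it also resets the
    ''' per-session failed-login counter.
    ''' </summary>
    ''' <param name="sender">Event source (unused).</param>
    ''' <param name="e">Event arguments (unused).</param>
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        If Not IsPostBack Then
            Session("userattempts") = 0
        End If

        ' NOTE(review): every column below is concatenated into markup without HTML
        ' encoding and the href values are unquoted, so whoever can write to the
        ' pages/bulletins tables controls markup on this page. Confirm whether these
        ' columns are meant to hold HTML; if not, encode them with Server.HtmlEncode
        ' and quote the attributes.
        ' NOTE(review): the labels are appended to with &= on every request; if
        ' ViewState restores their Text on postback the lists may be duplicated - verify.

        ' One connection for the whole page; Using closes it and each reader even
        ' when a query throws.
        Using con As New SqlConnection(System.Configuration.ConfigurationManager.AppSettings("sqlConn"))
            con.Open()

            ' Navigation entries. The original also evaluated rdr(ID) here, which indexes
            ' the reader by the Page.ID property instead of the "ID" column and stored
            ' the result in a local that was never read; that lookup was removed.
            Using cmd As New SqlCommand("select * from pages where CMSPage = 0 and Active = 1", con)
                Using rdr As SqlDataReader = cmd.ExecuteReader()
                    While rdr.Read()
                        pageNavigationLabel.Text &= "<li><a href=" & rdr("url") & ">" & rdr("title") & "</a></li>"
                    End While
                End Using
            End Using

            ' Subtitle and description of the index page, read in a single round trip.
            Using cmd As New SqlCommand("select subtitle, description from pages where url = 'index.aspx' and Active = 1", con)
                Using rdr As SqlDataReader = cmd.ExecuteReader()
                    While rdr.Read()
                        pageSubtitleLabel.Text = rdr("subtitle")
                        pageDescriptionLabel.Text = rdr("description")
                    End While
                End Using
            End Using

            ' Announcements and news come from the same query, so it is run once and
            ' each row is routed to its label by bulletin_type.
            Using cmd As New SqlCommand("select * from bulletins Where Active = 1", con)
                Using rdr As SqlDataReader = cmd.ExecuteReader()
                    While rdr.Read()
                        If rdr("bulletin_type") = "announcement" Then
                            infoLinksLabel.Text &= "<p>" & rdr("bulletin_date") & " " & rdr("bulletin_text") & "<a href =" & rdr("more_url") & "> more</a></p>"
                        ElseIf rdr("bulletin_type") = "news" Then
                            moreLinksLabel.Text &= "<p>" & rdr("bulletin_title") & "</p><br />"
                            moreLinksLabel.Text &= "<p>" & rdr("bulletin_text") & "<P>"
                        End If
                    End While
                End Using
            End Using
        End Using
    End Sub

    ''' <summary>
    ''' Handles the login button: looks the submitted user name up in JJV_USERS,
    ''' compares the submitted password with the stored one and, on success,
    ''' issues the forms-authentication cookie and redirects.
    ''' </summary>
    ''' <param name="sender">Event source (unused).</param>
    ''' <param name="e">Event arguments (unused).</param>
    Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
        ' NOTE(review): this lockout lives in the session only. It is reset by Page_Load
        ' on any non-postback request and by starting a new session, and only
        ' wrong-password attempts are counted. Treat it as a UI nicety, not as
        ' brute-force protection; a server-side per-account/per-IP throttle is needed.
        If Session("userattempts") >= 4 Then
            Response.Redirect("loginfailed.aspx")
        End If

        Dim connectionString As String = System.Configuration.ConfigurationManager.AppSettings("sqlConn")
        Dim userFound As Boolean = False
        Dim strpassword As String = Nothing
        Dim userIDVal As Integer
        Dim isactiveVal As Integer
        Dim interestprofilebol As Boolean

        Using con As New SqlConnection(connectionString)
            ' The user name is bound as a parameter. The original concatenated
            ' txbUserName.Text into the statement, which let the submitted value
            ' change the query itself (SQL injection).
            Using cmd As New SqlCommand("SELECT ID, UserPassword, IsActive, IsInterestProfile FROM JJV_USERS WHERE (UserName = @UserName)", con)
                cmd.Parameters.AddWithValue("@UserName", txbUserName.Text)
                con.Open()
                Using rdr As SqlDataReader = cmd.ExecuteReader()
                    While rdr.Read()
                        userFound = True
                        ' A NULL password column is kept as Nothing and can never match below.
                        Dim storedPassword As Object = rdr("UserPassword")
                        If IsDBNull(storedPassword) Then
                            strpassword = Nothing
                        Else
                            strpassword = CStr(storedPassword)
                        End If
                        userIDVal = rdr("ID")
                        isactiveVal = rdr("IsActive")
                        interestprofilebol = rdr("IsInterestProfile")
                    End While
                End Using
            End Using
        End Using

        ' The original chain tested IsDBNull() on String/Integer locals, which is always
        ' False, so its lblMessage1 branch was unreachable and both "no such user" and
        ' "inactive user" ended at lblActiveError. That observable behaviour is kept.
        ' NOTE(review): decide whether unknown users should get lblMessage1 or, to avoid
        ' revealing which accounts exist, the same message as a wrong password.
        If Not userFound OrElse isactiveVal = 0 Then
            lblActiveError.Visible = True
            Return
        End If

        ' NOTE(review): the stored password is compared directly with the submitted text,
        ' i.e. JJV_USERS.UserPassword holds recoverable passwords. Migrate to a salted,
        ' slow hash (e.g. PBKDF2) and compare the derived values.
        ' The IsNot Nothing guard matters because VB's "=" treats Nothing and "" as equal.
        If strpassword IsNot Nothing AndAlso strpassword = txbPassword.Text Then
            ' NOTE(review): the ticket expires on 12/31/2099, so a copied cookie stays
            ' valid indefinitely; consider a short expiry with sliding renewal.
            Dim objTicket As New FormsAuthenticationTicket(1, txbUserName.Text, Now(), #12/31/2099#, False, CStr(userIDVal))
            Dim objCookie As New HttpCookie(".ChocoChip")
            objCookie.Value = FormsAuthentication.Encrypt(objTicket)
            ' Keep the ticket out of reach of page script and honour the configured
            ' requireSSL setting for the Secure flag.
            objCookie.HttpOnly = True
            objCookie.Secure = FormsAuthentication.RequireSSL
            Response.Cookies.Add(objCookie)

            ' The return URL comes from the request, so it is only followed when it
            ' points back into this site; anything else falls through to the default
            ' landing page instead of becoming an open redirect.
            Dim strReturnURL As String = Request.Params("Default.aspx")
            If IsLocalReturnUrl(strReturnURL) Then
                ' NOTE(review): as in the original, this path skips the LastLoginDate
                ' update and Session("interestprofile") - confirm that is intended.
                Response.Redirect(strReturnURL)
            Else
                Using objConnection As New SqlConnection(connectionString)
                    Using dbCommand As New SqlCommand("UPDATE JJV_USERS SET LastLoginDate = CURRENT_TIMESTAMP where username = @UserName;", objConnection)
                        dbCommand.Parameters.AddWithValue("@UserName", txbUserName.Text)
                        objConnection.Open()
                        dbCommand.ExecuteNonQuery()
                    End Using
                End Using
                Session("interestprofile") = interestprofilebol
                Response.Redirect("Secure/Default_CMS.aspx")
            End If
        Else
            lblmessage2.Visible = True
            Session("userattempts") = Session("userattempts") + 1
        End If
    End Sub

    ''' <summary>
    ''' Returns True only for a non-empty URL that is rooted in this application:
    ''' it starts with "~/" or with a single "/" (not "//" or "/\", which browsers
    ''' treat as another host) and contains no control characters.
    ''' </summary>
    ''' <param name="url">Candidate redirect target taken from the request.</param>
    ''' <returns>True when the URL is safe to pass to Response.Redirect.</returns>
    Private Shared Function IsLocalReturnUrl(ByVal url As String) As Boolean
        If String.IsNullOrEmpty(url) Then
            Return False
        End If

        For Each ch As Char In url
            If Char.IsControl(ch) Then
                Return False
            End If
        Next

        If url(0) = "/"c Then
            Return url.Length = 1 OrElse (url(1) <> "/"c AndAlso url(1) <> "\"c)
        End If

        Return url.Length > 1 AndAlso url(0) = "~"c AndAlso url(1) = "/"c
    End Function
End Class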
